feat: automation resolvers #4165
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Based on https://docs.github.com/en/actions/deployment/deploying-to-your-cloud-provider/deploying-to-amazon-elastic-container-service | |
| name: PR Updated triggers | |
| on: | |
| pull_request: | |
| types: [labeled, unlabeled, synchronize, closed, reopened, opened] | |
| env: | |
| AWS_REGION: us-east-1 | |
| permissions: | |
| id-token: write | |
| contents: read | |
| jobs: | |
| path-filter: | |
| runs-on: ubuntu-latest | |
| if: github.event.action == 'opened' || github.event.action == 'reopened' || github.event.action == 'synchronize' || github.event.action == 'closed' | |
| outputs: | |
| docs: ${{ steps.changes.outputs.docs }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: dorny/paths-filter@v3 | |
| id: changes | |
| with: | |
| filters: | | |
| docs: | |
| - 'docs/**' | |
| # you can skip the build by adding 'skip-build' to the commit message, useful when testing tests | |
| skip_build_sha: | |
| outputs: | |
| skip-build-sha: ${{ steps.last-build.outputs.skip-build-sha }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| ref: ${{ github.event.pull_request.head.sha }} | |
| - name: Check if skip-build is in the commit message | |
| id: check | |
| run: | | |
| echo "commit message: $(git log -1 --pretty=%B)" | |
| if [[ "$(git log -1 --pretty=%B)" == *"skip-build"* ]]; then | |
| echo "skip-build is in the commit message" | |
| echo "skip-build=true" >> $GITHUB_OUTPUT | |
| else | |
| echo "skip-build is not in the commit message" | |
| echo "skip-build=false" >> $GITHUB_OUTPUT | |
| echo "skip-build-sha=" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Find last successful build SHA | |
| id: last-build | |
| if: ${{ steps.check.outputs.skip-build == 'true' }} | |
| env: | |
| GH_TOKEN: ${{ github.token }} | |
| run: | | |
| pr_number="${{ github.event.pull_request.number }}" | |
| # get all workflow runs for this PR | |
| gh api "/repos/${{ github.repository }}/actions/workflows/on_pr.yml/runs?event=pull_request&per_page=100" \ | |
| --jq ".workflow_runs[] | select(.pull_requests[]?.number == ${pr_number}) | select(.id < ${{ github.run_id }}) | {id: .id, sha: .head_sha, created: .created_at}" \ | |
| | jq -s 'sort_by(.created) | reverse | .[].id' -r \ | |
| | while read run_id; do | |
| echo "Checking run: $run_id" | |
| # check if build-all job succeeded in this run | |
| run=$(gh api "/repos/${{ github.repository }}/actions/runs/${run_id}/jobs") | |
| echo "Run: $run" | |
| all_success=$(echo "$run" | jq '[.jobs[] | select(.name | contains("build-all")) | .conclusion] | all(. == "success")') | |
| echo "All success for $run_id: $all_success" | |
| if [ "$all_success" == "true" ]; then | |
| # get the SHA for this run | |
| successful_sha=$(gh api "/repos/${{ github.repository }}/actions/runs/${run_id}" --jq '.head_sha') | |
| echo "skip-build-sha=$successful_sha" >> $GITHUB_OUTPUT | |
| echo "Found last successful build at SHA: $successful_sha (run: $run_id)" | |
| exit 0 | |
| fi | |
| done | |
| if [ "$all_success" == "false" ]; then | |
| echo "skip-build-sha=" >> $GITHUB_OUTPUT | |
| echo "No previous successful build found in this PR" | |
| fi | |
| ci: | |
| if: github.event.action == 'opened' || github.event.action == 'reopened' || github.event.action == 'synchronize' || (github.event.action == 'labeled' && github.event.label.name == 'preview') | |
| uses: ./.github/workflows/ci.yml | |
| build-all: | |
| if: (github.event.action == 'opened' || github.event.action == 'reopened' || github.event.action == 'synchronize' || (github.event.action == 'labeled' && github.event.label.name == 'preview')) && (needs.skip_build_sha.outputs.skip-build-sha == '') | |
| needs: | |
| - path-filter | |
| - skip_build_sha | |
| uses: ./.github/workflows/ecrbuild-all.yml | |
| secrets: | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| e2e: | |
| if: (github.event.action == 'opened' || github.event.action == 'reopened' || github.event.action == 'synchronize') && always() && (needs.build-all.result == 'success' || needs.build-all.result == 'skipped') | |
| needs: | |
| - path-filter | |
| - build-all | |
| uses: ./.github/workflows/e2e.yml | |
| with: | |
| image-tag-override: ${{ needs.skip_build_sha.outputs.skip-build-sha || '' }} | |
| secrets: | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| deploy-preview: | |
| if: needs.build-all.result == 'success' | |
| uses: ./.github/workflows/pull-preview.yml | |
| needs: | |
| - build-all | |
| permissions: | |
| contents: read | |
| deployments: write | |
| pull-requests: write | |
| statuses: write | |
| with: | |
| # PLATFORM_IMAGE: 246372085946.dkr.ecr.us-east-1.amazonaws.com/pubpub-v7-core:2b9a81a279c4e405bbedcdbb697c897ded52fbc0 | |
| # JOBS_IMAGE: 246372085946.dkr.ecr.us-east-1.amazonaws.com/pubpub-v7-jobs:c786662f4899de16a621e366a485eca5adda4d6a | |
| # MIGRATIONS_IMAGE: 246372085946.dkr.ecr.us-east-1.amazonaws.com/pubpub-v7:c786662f4899de16a621e366a485eca5adda4d6a | |
| # SITE_BUILDER_IMAGE: 246372085946.dkr.ecr.us-east-1.amazonaws.com/pubpub-v7-site-builder:c786662f4899de16a621e366a485eca5adda4d6a | |
| PLATFORM_IMAGE: ${{ needs.build-all.outputs.core-image }} | |
| JOBS_IMAGE: ${{ needs.build-all.outputs.jobs-image }} | |
| MIGRATIONS_IMAGE: ${{ needs.build-all.outputs.base-image }} | |
| SITE_BUILDER_IMAGE: ${{ needs.build-all.outputs.site-builder-image }} | |
| AWS_REGION: "us-east-1" | |
| COMPOSE_FILES: docker-compose.preview.pr.yml | |
| secrets: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| GH_PAT_PR_PREVIEW_CLEANUP: ${{ secrets.GH_PAT_PR_PREVIEW_CLEANUP }} | |
| PREVIEW_DATACITE_REPOSITORY_ID: ${{ secrets.PREVIEW_DATACITE_REPOSITORY_ID }} | |
| PREVIEW_DATACITE_PASSWORD: ${{ secrets.PREVIEW_DATACITE_PASSWORD }} | |
| close-preview: | |
| uses: ./.github/workflows/pull-preview.yml | |
| if: ${{(github.event.action == 'closed' && contains(github.event.pull_request.labels.*.name, 'preview')) || (github.event.action == 'unlabeled' && github.event.label.name == 'preview')}} | |
| permissions: | |
| contents: read | |
| deployments: write | |
| pull-requests: write | |
| statuses: write | |
| with: | |
| PLATFORM_IMAGE: "x" # not used | |
| JOBS_IMAGE: "x" # not used | |
| MIGRATIONS_IMAGE: "x" # not used | |
| SITE_BUILDER_IMAGE: "x" # not used | |
| AWS_REGION: "us-east-1" | |
| secrets: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| GH_PAT_PR_PREVIEW_CLEANUP: ${{ secrets.GH_PAT_PR_PREVIEW_CLEANUP }} | |
| PREVIEW_DATACITE_REPOSITORY_ID: ${{ secrets.PREVIEW_DATACITE_REPOSITORY_ID }} | |
| PREVIEW_DATACITE_PASSWORD: ${{ secrets.PREVIEW_DATACITE_PASSWORD }} | |
| deploy-docs-preview: | |
| permissions: | |
| contents: write | |
| pages: write | |
| pull-requests: write | |
| needs: | |
| - path-filter | |
| if: (github.event.action == 'opened' || github.event.action == 'reopened' || github.event.action == 'synchronize') && needs.path-filter.outputs.docs == 'true' | |
| uses: ./.github/workflows/build-docs.yml | |
| with: | |
| preview: true | |
| close-docs-preview: | |
| needs: | |
| - path-filter | |
| permissions: | |
| contents: write | |
| pages: write | |
| pull-requests: write | |
| if: github.event.action == 'closed' && needs.path-filter.outputs.docs == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Close docs preview | |
| uses: rossjrw/pr-preview-action@v1 | |
| with: | |
| source-dir: docs/out | |
| action: remove | |
| status-check: | |
| needs: | |
| - ci | |
| - e2e | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: ok | |
| run: | | |
| echo ok |